Re: [Tails-dev] Proposal: Add support for curl (does ALL_PRO…

Author: David A. Wheeler
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Proposal: Add support for curl (does ALL_PROXY fix it?)

> On Feb 4, 2023, at 2:18 PM, David A. Wheeler <dwheeler@???> wrote:
>
> Currently Tails includes and supports wget. I propose *also* adding support for curl.


Replying to myself, I think there's a slightly better way to automatically support curl.
I previously proposed setting the "ALL_PROXY" environment variable, but the best
setting for curl using ALL_PROXY uses prefixes that might confuse other tools
that might *also* read from ALL_PROXY.

So instead I propose this, to make Tails automatically support curl, while not
interfering with any other program. In short, use CURL_HOME instead, as follows:

A new file </etc/environment.d/90curl-home.conf>:
~~~~
CURL_HOME=/etc/curl
~~~~

A new file </etc/curl/.curlrc>:
~~~~
# By default use the Tor proxy for communication.
# Tails uses this curl configuration file by default;
# unset the CURL_HOME environment variable to avoid using this file.
proxy=socks5://127.0.0.1:9050
~~~~

Just to be clear, don't include the lines with "~~~~"; those just surround the file contents.

By adding these two files, curl "just works" on Tails
(as far as I can tell).

Note: Earlier I proposed using "socks5h://" as the prefix. This *works*, but
it means that every invocation of curl will make a DNS request directly to the
SOCKS proxy. Here I'm using "socks5://" instead; this will tell curl to use its
normal DNS resolution process, which on Tails will invoke the local resolver.
The local resolver can cache DNS request results; if it does, that should reduce the
number of requests if the same DNS name is used multiple times.
If the local DNS resolver isn't caching, and the SOCKS proxy is, then never mind :-).

Note that *no* flexibility is lost. If a user wants a special configuration, the
user can just unset CURL_HOME and then do whatever they want.

While I think it'd be convenient to also have curl itself installed, at the
*least* Tails should add these few lines listed above (or something like them)
so curl will "automatically work".

I don't fully understand how Tor deals with other proxies
(before and/or after), nor Tor bridges, so there may be cases
where this doesn't work. In that case, I'm hoping someone can see that
and figure out the tweaks to make those cases work too.
Again, I think curl should work "out of the box" on Tails without someone
having to figure out proxy configurations.

--- David A. Wheeler
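
Added example, not part of the original message: a shell check that follows the two proposed files, reading CURL_HOME from the environment.d file and then the proxy line from the .curlrc it points to, and reports whether the scheme is socks5:// or socks5h:// and therefore which side resolves hostnames. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message; function names are hypothetical.

# Print the CURL_HOME value from an environment.d-style file (KEY=VALUE lines).
curl_home_from_envd() {
    sed -n 's/^CURL_HOME=//p' "$1" | tail -n 1
}

# Report the proxy curl would read from $1/.curlrc (as with CURL_HOME=$1) and
# which side resolves hostnames. Only the "proxy" option is examined.
curlrc_dns_mode() {
    rc="$1/.curlrc"
    [ -r "$rc" ] || { echo "no-curlrc"; return 1; }
    # Forms handled: proxy=URL, proxy = "URL", proxy URL, proxy: URL, --proxy URL.
    # Assumption: when several proxy lines exist, the last one is the effective one.
    url=$(sed -n -E -e '/^[[:space:]]*#/d' \
        -e 's/^[[:space:]]*(--)?proxy[[:space:]]*[[:space:]=:][[:space:]]*"?([^"[:space:]]+)"?[[:space:]]*$/\2/p' \
        "$rc" | tail -n 1)
    [ -n "$url" ] || { echo "no-proxy"; return 1; }
    scheme=${url%%://*}
    hostport=${url#*://}
    hostport=${hostport%%/*}
    case "$scheme" in
        socks5h) dns=proxy ;;    # hostname is handed to the SOCKS proxy
        socks5)  dns=local ;;    # curl resolves the name itself first
        *)       dns=unknown ;;  # not classified by this sketch
    esac
    case "$hostport" in
        127.*|localhost:*|'[::1]':*) where=loopback ;;
        *) where=remote ;;
    esac
    echo "$scheme $hostport dns=$dns $where"
}

# Constructed sample: the two files from the proposal, written under a temp dir.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc/curl"
echo "CURL_HOME=$demo_dir/etc/curl" > "$demo_dir/90curl-home.conf"
printf '# By default use the Tor proxy\nproxy=socks5://127.0.0.1:9050\n' > "$demo_dir/etc/curl/.curlrc"
curlrc_dns_mode "$(curl_home_from_envd "$demo_dir/90curl-home.conf")"
rm -rf "$demo_dir"
```

On a real system the arguments would be /etc/environment.d/90curl-home.conf and the directory it names; a proxy set through other curl options or environment variables is outside what this check reads.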